Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp3415614ybl;
        Sun, 2 Feb 2020 23:21:06 -0800 (PST)
X-Google-Smtp-Source: APXvYqzu8VkJmFADE/fCMUpchjW2zXHkV7X2Q33/CSeG/+N+r8wVjMgBv5kId+ZZJE8SADD/xlwQ
X-Received: by 2002:a05:6830:612:: with SMTP id w18mr17104567oti.160.1580714465927;
        Sun, 02 Feb 2020 23:21:05 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1580714465; cv=pass;
        d=google.com; s=arc-20160816;
        b=DERkrDZkoCkThc6X+kNY6fNEZ3qgylqVMOj1SIu8uE/SN3T8T9N7c4hD8zI0DW7MZq
         cdsHSU3iRDSjllVrkJgs1BcCvDmM+JLrzSRLD0sFEJdB7fKHgUiO+QoLK/drRdMObUBy
         zYT0zgDph9IdZ+66nmyfRYt9EVhrlniRYeD1XcZCC22i4MSr+oVcCdaWxtCr/aq3vDMw
         /ZodRVG19lkYlg7UQtf/X0n59a09j/3S4+TIiSxpvbSf505GU1Q3Y4KP0MZ99f8dZNol
         o/0DsvKZvuXDVRRPpcyiRMocnSphe4lcwo2KGJxtVAkgib9wO4S/8rbpcaLASF0/Vg2j
         lXIw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:content-language
         :content-transfer-encoding:in-reply-to:user-agent:date:message-id
         :from:references:cc:to:subject;
        bh=mvh2yG4clWkAxsyCqYMPPlaUEAJaPMDA8mCVCk0Jz7c=;
        b=vZu5kxtFjocNVdUTpFkiYTZDqYrwHgped9HLJguIM5fWa4EmoIlt/465Cz0UTpKI2w
         R16hfnUGt7vR/4yKpFAAJmFJsXfoRxwkw5z1H0XQWBJ2RSaj9Wnouw8WLHivM+34kLxx
         k6MwJMCE9D6rtF9rpdI1PeW3ms4yd/0Rzan0Tgq6koV8ysv2i9fmSm0h/LISR5FJcmXf
         x9zhMO/1Mo6oxXfmlx7+tuguEv6E1+IiTK+e4HYzCkVLlDOmETypLXmN1gyRimZmMt+9
         9BUqKFsJyLP2D0ioaJgL547vBdD+UlOi8/ikD/aQ7nurDSaa7GaLqauR5kZfUfSvmtb2
         8IuA==
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=live.cn dkim=pass dkdomain=live.cn dmarc=pass fromdomain=live.cn);
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.cn
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j1si8383854otr.207.2020.02.02.23.20.54;
        Sun, 02 Feb 2020 23:21:05 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=live.cn dkim=pass dkdomain=live.cn dmarc=pass fromdomain=live.cn);
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.cn
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727282AbgBCFTg (ORCPT <rfc822;a.buran28@gmail.com> + 99 others);
        Mon, 3 Feb 2020 00:19:36 -0500
Received: from mail-oln040092254087.outbound.protection.outlook.com ([40.92.254.87]:6315
        "EHLO APC01-PU1-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1725800AbgBCFTg (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 3 Feb 2020 00:19:36 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=ZqIaAGFex6xSOHLS34JcvU+4O4wYTkSiuQ26iQrAQIcwCT7xvRN5G474zku0uFCLLtAtdvsEfJcvFf31GmojTeTKWNtZ+IzZeMl/HDXetPRONhfIsSEcBc4q3yKvtpVMM5le4OIi9OM4SfkG3Z/rveYDClOtQjF/f+f82+bXL/q0f8F+vTALM+W6TOo+Bq898cmxugKlXzQl10WTNm/SFTAKVjfd2NGqxce61YViv5OBXM+HEEWODnMP2ABRohpATyz9Gs7ID8y/TonZyCFSr9SPC6eS7tf9UN/FutPs6TYxhSRh1CkpglCQ8oPyIf/Qi+7lrYaqNyZJWVoMWC5JsQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=mvh2yG4clWkAxsyCqYMPPlaUEAJaPMDA8mCVCk0Jz7c=;
 b=D+ITAotcV2DmpH5BXvHNbF9s8lZraOCbESMicZB+2/82tuZCOo5dijtVsQSEyO8iHokZBF5hYc05Z4v+n0GuVS/L8MXdFHDKO3oLNyFKJtHRScVsfH7gPRceXukv5QLk3LxSvFM//0teKF6GGLFCtegCGWHEuoEWpIufHmj3HwkyoYkmM74CeWi3c3no3iS8kL4af8XvfkyUuWPyVoVbIwGBYlPxxEBNEjDcfPGPayUNtdhqQ6eHVI3OnOWDAaECJeOhpTc4ADVwE7hur10miQ7YP9b/ZulGzEKf/uP2WZ5Av1awnXOx2163QySFrzacZNY/9Q8EhCHSNwzY+SsVGg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=live.cn; dmarc=pass action=none header.from=live.cn; dkim=pass
 header.d=live.cn; arc=none
Received: from PU1APC01FT026.eop-APC01.prod.protection.outlook.com
 (2a01:111:e400:7ebe::38) by
 PU1APC01HT109.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebe::286)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2686.25; Mon, 3 Feb
 2020 05:19:30 +0000
Received: from HK0PR02MB3780.apcprd02.prod.outlook.com (10.152.252.56) by
 PU1APC01FT026.mail.protection.outlook.com (10.152.252.235) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2686.25 via Frontend Transport; Mon, 3 Feb 2020 05:19:30 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:3728DC8EAE5FA66CDFA56E9E30CD9ABA8DB1C45788CB2412F3B57C7E15EB2856;UpperCasedChecksum:8C4A5CA75E511C2FBB62146B002089E37EC0156D661038795B823C2B97B1E6CF;SizeAsReceived:9171;Count:49
Received: from HK0PR02MB3780.apcprd02.prod.outlook.com
 ([fe80::2cb7:1e4d:61c1:6fb1]) by HK0PR02MB3780.apcprd02.prod.outlook.com
 ([fe80::2cb7:1e4d:61c1:6fb1%6]) with mapi id 15.20.2686.031; Mon, 3 Feb 2020
 05:19:30 +0000
Subject: Re: [PATCH] ocfs2: fix the oops problem when write cloned file
To:     Gang He <GHe@suse.com>, "mark@fasheh.com" <mark@fasheh.com>,
        "jlbec@evilplan.org" <jlbec@evilplan.org>,
        "joseph.qi@linux.alibaba.com" <joseph.qi@linux.alibaba.com>,
        Shuning Zhang <sunny.s.zhang@oracle.com>
Cc:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "ocfs2-devel@oss.oracle.com" <ocfs2-devel@oss.oracle.com>,
        "akpm@linux-foundation.org" <akpm@linux-foundation.org>
References: <20200121050153.13290-1-ghe@suse.com>
 <CH2PR18MB3206F418382332EB25130477CF000@CH2PR18MB3206.namprd18.prod.outlook.com>
From:   Changwei Ge <gechangwei@live.cn>
Message-ID: <HK0PR02MB378058FC927798C4DCF574B2D5000@HK0PR02MB3780.apcprd02.prod.outlook.com>
Date:   Mon, 3 Feb 2020 13:19:23 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0)
 Gecko/20100101 Thunderbird/68.4.2
In-Reply-To: <CH2PR18MB3206F418382332EB25130477CF000@CH2PR18MB3206.namprd18.prod.outlook.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-ClientProxiedBy: HK2PR0302CA0009.apcprd03.prod.outlook.com
 (2603:1096:202::19) To HK0PR02MB3780.apcprd02.prod.outlook.com
 (2603:1096:203:9c::13)
X-Microsoft-Original-Message-ID: <351b57b3-41ad-6e6a-ab8d-b3df3795bbdb@live.cn>
MIME-Version: 1.0
Received: from IT-C02YD3Q7JG5H.local (101.204.31.21) by HK2PR0302CA0009.apcprd03.prod.outlook.com (2603:1096:202::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2707.12 via Frontend Transport; Mon, 3 Feb 2020 05:19:28 +0000
X-Microsoft-Original-Message-ID: <351b57b3-41ad-6e6a-ab8d-b3df3795bbdb@live.cn>
X-TMN:  [ykZsVzNLTOpOXHeI+SBbgfoMuEs8oFln]
X-MS-PublicTrafficType: Email
X-IncomingHeaderCount: 49
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-Correlation-Id: 3bbb2890-8690-436f-ecac-08d7a868a491
X-MS-TrafficTypeDiagnostic: PU1APC01HT109:
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Qqhju6H5fAaJy2qvZvQLi0hQvqdUoTlk+Yhz4i8qmpqRQYFkAaH9JUK6eB7wuzYh+iqQ5jPz+xdIOVv+M7zVDkHnq1CnYZawEUunSzvkIowBcQAd3JDWeZ2RI9Ven7ns8cwzchwqvEuoJw74j/PcWAn0u4pa5CZRwGqXRbOLcbpk67pcrC/K6csA6DNyWRQ3
X-MS-Exchange-AntiSpam-MessageData: YFGgYGdVw2qUkcy4ftuPhgj3cFgZ5ObIyJy227hyc7BmX9csWUjQqBoZyh6BaJShfWRnL0uF8LWywAi1eIQ7jncBk7vdtge6JOVAApZ2froDAe/0d/rFynf2t1F3pJJnlRWNcZKzVrdKuXMALX0b2w==
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3bbb2890-8690-436f-ecac-08d7a868a491
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Feb 2020 05:19:30.6964
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PU1APC01HT109
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Sure. I will try to allocate some time for this change.

     - Changwei

On 2/3/20 10:17 AM, Gang He wrote:
> Hello Joseph, Changwei, Sunny and all,
>
> Could you help to review this patch?
> This patch will fix the oops problem caused by write ocfs2 clone files.
> The root cause is inode buffer head is NULL when calling ocfs2_refcount_cow.
> Secondly, we should use EX meta lock when calling ocfs2_refcount_cow.
>
> Thanks a lot.
> Gang
>
> ________________________________________
> From: Gang He <GHe@suse.com>
> Sent: Tuesday, January 21, 2020 1:02 PM
> To: mark@fasheh.com; jlbec@evilplan.org; joseph.qi@linux.alibaba.com
> Cc: Gang He; linux-kernel@vger.kernel.org; ocfs2-devel@oss.oracle.com; akpm@linux-foundation.org
> Subject: [PATCH] ocfs2: fix the oops problem when write cloned file
>
> Writing a cloned file triggers a kernel oops and the user-space
> command process is also killed by the system.
> The bug can be reproduced stably, e.g.
> 1)create a file under ocfs2 file system directory.
>    journalctl -b > aa.txt
> 2)create a cloned file for this file.
>    reflink aa.txt bb.txt
> 3)write the cloned file with dd command.
>    dd if=/dev/zero of=bb.txt bs=512 count=1 conv=notrunc
>
> The dd command is killed by the kernel, then you can see the oops
> message via dmesg command.
>
> [  463.875404] BUG: kernel NULL pointer dereference, address: 0000000000000028
> [  463.875413] #PF: supervisor read access in kernel mode
> [  463.875416] #PF: error_code(0x0000) - not-present page
> [  463.875418] PGD 0 P4D 0
> [  463.875425] Oops: 0000 [#1] SMP PTI
> [  463.875431] CPU: 1 PID: 2291 Comm: dd Tainted: G           OE     5.3.16-2-default
> [  463.875433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> [  463.875500] RIP: 0010:ocfs2_refcount_cow+0xa4/0x5d0 [ocfs2]
> [  463.875505] Code: 06 89 6c 24 38 89 eb f6 44 24 3c 02 74 be 49 8b 47 28
> [  463.875508] RSP: 0018:ffffa2cb409dfce8 EFLAGS: 00010202
> [  463.875512] RAX: ffff8b1ebdca8000 RBX: 0000000000000001 RCX: ffff8b1eb73a9df0
> [  463.875515] RDX: 0000000000056a01 RSI: 0000000000000000 RDI: 0000000000000000
> [  463.875517] RBP: 0000000000000001 R08: ffff8b1eb73a9de0 R09: 0000000000000000
> [  463.875520] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
> [  463.875522] R13: ffff8b1eb922f048 R14: 0000000000000000 R15: ffff8b1eb922f048
> [  463.875526] FS:  00007f8f44d15540(0000) GS:ffff8b1ebeb00000(0000) knlGS:0000000000000000
> [  463.875529] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  463.875532] CR2: 0000000000000028 CR3: 000000003c17a000 CR4: 00000000000006e0
> [  463.875546] Call Trace:
> [  463.875596]  ? ocfs2_inode_lock_full_nested+0x18b/0x960 [ocfs2]
> [  463.875648]  ocfs2_file_write_iter+0xaf8/0xc70 [ocfs2]
> [  463.875672]  new_sync_write+0x12d/0x1d0
> [  463.875688]  vfs_write+0xad/0x1a0
> [  463.875697]  ksys_write+0xa1/0xe0
> [  463.875710]  do_syscall_64+0x60/0x1f0
> [  463.875743]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> [  463.875758] RIP: 0033:0x7f8f4482ed44
> [  463.875762] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 80 00 00 00
> [  463.875765] RSP: 002b:00007fff300a79d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> [  463.875769] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8f4482ed44
> [  463.875771] RDX: 0000000000000200 RSI: 000055f771b5c000 RDI: 0000000000000001
> [  463.875774] RBP: 0000000000000200 R08: 00007f8f44af9c78 R09: 0000000000000003
> [  463.875776] R10: 000000000000089f R11: 0000000000000246 R12: 000055f771b5c000
> [  463.875779] R13: 0000000000000200 R14: 0000000000000000 R15: 000055f771b5c000
>
> This regression problem was introduced by commit e74540b28556 ("ocfs2:
> protect extent tree in ocfs2_prepare_inode_for_write()").
>
> Fixes: e74540b28556 ("ocfs2: protect extent tree in ocfs2_prepare_inode_for_write()").
> Signed-off-by: Gang He <ghe@suse.com>
> ---
>   fs/ocfs2/file.c | 14 ++++++--------
>   1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
> index 9876db52913a..6cd5e4924e4d 100644
> --- a/fs/ocfs2/file.c
> +++ b/fs/ocfs2/file.c
> @@ -2101,17 +2101,15 @@ static int ocfs2_is_io_unaligned(struct inode *inode, size_t count, loff_t pos)
>   static int ocfs2_inode_lock_for_extent_tree(struct inode *inode,
>                                              struct buffer_head **di_bh,
>                                              int meta_level,
> -                                           int overwrite_io,
>                                              int write_sem,
>                                              int wait)
>   {
>          int ret = 0;
>
>          if (wait)
> -               ret = ocfs2_inode_lock(inode, NULL, meta_level);
> +               ret = ocfs2_inode_lock(inode, di_bh, meta_level);
>          else
> -               ret = ocfs2_try_inode_lock(inode,
> -                       overwrite_io ? NULL : di_bh, meta_level);
> +               ret = ocfs2_try_inode_lock(inode, di_bh, meta_level);
>          if (ret < 0)
>                  goto out;
>
> @@ -2136,6 +2134,7 @@ static int ocfs2_inode_lock_for_extent_tree(struct inode *inode,
>
>   out_unlock:
>          brelse(*di_bh);
> +       *di_bh = NULL;
>          ocfs2_inode_unlock(inode, meta_level);
>   out:
>          return ret;
> @@ -2177,7 +2176,6 @@ static int ocfs2_prepare_inode_for_write(struct file *file,
>                  ret = ocfs2_inode_lock_for_extent_tree(inode,
>                                                         &di_bh,
>                                                         meta_level,
> -                                                      overwrite_io,
>                                                         write_sem,
>                                                         wait);
>                  if (ret < 0) {
> @@ -2233,13 +2231,13 @@ static int ocfs2_prepare_inode_for_write(struct file *file,
>                                                             &di_bh,
>                                                             meta_level,
>                                                             write_sem);
> +                       meta_level = 1;
> +                       write_sem = 1;
>                          ret = ocfs2_inode_lock_for_extent_tree(inode,
>                                                                 &di_bh,
>                                                                 meta_level,
> -                                                              overwrite_io,
> -                                                              1,
> +                                                              write_sem,
>                                                                 wait);
> -                       write_sem = 1;
>                          if (ret < 0) {
>                                  if (ret != -EAGAIN)
>                                          mlog_errno(ret);
> --
> 2.12.3
>